- by Andrew "Babyface" Neumann
While I had originally set out to blog about a few exciting features available within Postini for encrypting traffic to and from your messaging server, I found myself sidetracked and subsequently uber-focused on an issue that I thought was long dead: documenting users' passwords... on paper... in a centralized location.
Who the heck should care about e-mail security when the most fundamental concept of PC security is ignored, likely by more companies than this IT professional would like to admit? While having this secret information on hand is sometimes a godsend for an IT professional like myself, I assure you it will only lead to death and destruction. Well, maybe not that severe: an upset stomach and possibly a few grey hairs. Make light of this situation and you may find yourself on the receiving end of some pretty nasty results the next time you're sitting in your board room dismissing someone for inappropriate behavior. Let a few minutes slip by after the termination and you may definitely see some inappropriate behavior, followed by a mad scramble to ensure that the ex-employee doesn't access your network through VPN using another employee's credentials. Sonny, did I say an upset stomach and a few more grey hairs? Let me amend that to a one-way ticket to a straitjacket as you realize that your confidential company property has suddenly 'disappeared'. It was just there this morning; what happened?
You didn’t follow Microsoft best practices and implement a comprehensive Password Security policy to ensure the security of that which you spent your whole life building. Ouch-ers! Microsoft recommends that ALL company employees (including principals) follow these best practices for password protection:
- Always use strong passwords. A password is considered strong if it meets the below minimum criteria:
  - Is at least seven characters long.
  - Does not contain your user name, real name, or company name.
  - Does not contain a complete dictionary word.
  - Is significantly different from previous passwords. Passwords that increment (Password1) are not strong.
  - Contains characters from each of the following four groups:
- Never share passwords with anyone.
- Use different passwords for all user accounts.
- Change passwords immediately if they may have been compromised.
- Be careful about where passwords are saved on computers. Some dialog boxes, such as those for remote access and other telephone connections, present an option to save or remember a password. Selecting this option poses a potential security threat.
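As an added example (not code from the original post), here are the strong-password criteria above expressed as a checker that reports which rules a candidate password breaks. The post leaves the four character groups unlisted, so the code assumes the usual uppercase, lowercase, digit and symbol groups; the dictionary, user names and previous passwords are constructed sample values.

```python
import re
import string

# Constructed sample dictionary for the demo; a real check would load a full word list.
DICTIONARY = {"password", "welcome", "summer", "dragon", "monkey"}

# Assumed composition of the "four groups" the post does not spell out.
GROUPS = {
    "upper": str.isupper,
    "lower": str.islower,
    "digit": str.isdigit,
    "symbol": lambda c: c in string.punctuation,
}


def missing_groups(pw):
    """Names of the character groups that `pw` contains no character from."""
    return sorted(name for name, test in GROUPS.items() if not any(test(c) for c in pw))


def stem(pw):
    """Password lowercased with any trailing digits removed (Password1 -> password)."""
    return re.sub(r"\d+$", "", pw.lower())


def check_password(pw, username="", real_name="", company="", previous=(), dictionary=DICTIONARY):
    """Return the rules from the post that `pw` violates; an empty list means it passes."""
    low = pw.lower()
    failures = []
    if len(pw) < 7:
        failures.append("shorter than 7 characters")
    for label, value in (("user name", username), ("real name", real_name), ("company name", company)):
        # Names may be several words; any word of 3+ characters found in the password counts.
        if any(len(tok) >= 3 and tok in low for tok in value.lower().split()):
            failures.append(f"contains {label}")
    if any(word in low for word in dictionary):
        failures.append("contains a dictionary word")
    # "Significantly different": an old password with the same stem, or embedded whole,
    # catches the Password -> Password1 -> Password2 increments the post calls out.
    if any(stem(old) == stem(pw) or old.lower() in low for old in previous):
        failures.append("too similar to a previous password")
    missing = missing_groups(pw)
    if missing:
        failures.append("missing character groups: " + ", ".join(missing))
    return failures


if __name__ == "__main__":
    for candidate in ("Password1", "Tr!g0n-K1ts"):
        print(candidate, "->", check_password(candidate, username="aneumann", previous=["Password"]) or "OK")
```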
While an IT professional can make recommendations to the principals of an organization extolling the benefits of implementing a universal Password Policy, it is ultimately up to the client to decide what they would like to do. If the decision is made to potentially jeopardize company data, positioning, and security by not implementing a Password Policy forcing users to take the 30 seconds every 45 days to change their password, ensure that you have documented this fact and then sleep soundly knowing that you have put your best foot forward to try and safeguard a client from what could potentially be a very devastating event.
Perhaps a box of ‘Just for Men’ hair color treatment should be part of your IT Engineer Tool Kit?
Ah, the IT Engineer Tool Kit. We love them! Trigon and our kits serve Montgomery and Bucks Counties, just to name a few. If you'd like a refresher course on your password rules, be sure to contact us.